← Back to search

io.github.firebase/firebase-mcp

firebase MIT 4,417 stars Scanned 13h ago

Gives AI development tools Firebase-specific capabilities and expertise.

MCP Registry
B
76.6 / 100

Versions

0.3.0 latest
May 19, 2026
PermissionsTool SafetyAuthAnnotationsCode QualityStabilitySpecVuln HistoryAuthorTransparencyCommunity

Tools 0

No tools indexed yet.

Permissions 4

network medium
network
filesystem low
filesystem
shell high
shell
env_vars low
env_vars

Scan Findings 139

info
package.json metadata manifest_parser · 100%
info
Transport: streamable-http manifest_parser · 80%
info
Required env vars (112) manifest_parser · 80%
medium
Permission: network access detected permission_analyzer · 90%
low
Permission: filesystem access detected permission_analyzer · 90%
high
Permission: shell access detected permission_analyzer · 95%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Excessive dependency count: 159 direct dependencies dependency_analyzer · 90%
medium
Suspicious package name: react-dom dependency_analyzer · 60%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.24.0 (GHSA-345p-7cg4-v4c7) dependency_analyzer · 95%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.24.0 (GHSA-8r9q-7v3j-jr4g) dependency_analyzer · 95%
medium
Vulnerable dependency: ajv@8.17.1 (GHSA-2g4f-4pwh-qvx6) dependency_analyzer · 95%
medium
Vulnerable dependency: body-parser@1.19.0 (GHSA-qwcr-r2fm-qrc7) dependency_analyzer · 95%
medium
Vulnerable dependency: express@4.16.4 (GHSA-qw6h-vgh9-j6wx) dependency_analyzer · 95%
medium
Vulnerable dependency: express@4.16.4 (GHSA-rv95-896h-c2vc) dependency_analyzer · 95%
medium
Vulnerable dependency: form-data@4.0.1 (GHSA-fjxv-7rqg-78g4) dependency_analyzer · 95%
medium
Vulnerable dependency: minimatch@3.0.4 (GHSA-23c5-xmqv-rm74) dependency_analyzer · 95%
medium
Vulnerable dependency: minimatch@3.0.4 (GHSA-3ppc-4f35-3m26) dependency_analyzer · 95%
medium
Vulnerable dependency: minimatch@3.0.4 (GHSA-7r86-cg39-jmmj) dependency_analyzer · 95%
medium
Vulnerable dependency: minimatch@3.0.4 (GHSA-f8q6-p94x-37v3) dependency_analyzer · 95%
medium
Vulnerable dependency: pglite-2@npm:@electric-sql/pglite@0.2.17 (MAL-2025-42056) dependency_analyzer · 95%
medium
Vulnerable dependency: tmp@0.2.3 (GHSA-52f5-9888-hmc6) dependency_analyzer · 95%
medium
Vulnerable dependency: astro@2.2.3 (GHSA-49w6-73cw-chjr) dependency_analyzer · 95%
medium
Vulnerable dependency: astro@2.2.3 (GHSA-5ff5-9fcw-vg88) dependency_analyzer · 95%
medium
Vulnerable dependency: astro@2.2.3 (GHSA-c4pw-33h3-35xw) dependency_analyzer · 95%
medium
Vulnerable dependency: astro@2.2.3 (GHSA-fvmw-cj7j-j39q) dependency_analyzer · 95%
medium
Vulnerable dependency: astro@2.2.3 (GHSA-ggxq-hp9w-j794) dependency_analyzer · 95%
medium
Vulnerable dependency: astro@2.2.3 (GHSA-j687-52p2-xcff) dependency_analyzer · 95%
medium
Vulnerable dependency: astro@2.2.3 (GHSA-whqg-ppgf-wp8c) dependency_analyzer · 95%
medium
Vulnerable dependency: astro@2.2.3 (GHSA-wrwg-2hg8-v723) dependency_analyzer · 95%
medium
Vulnerable dependency: astro@2.2.3 (GHSA-x3h8-62x9-952g) dependency_analyzer · 95%
medium
Vulnerable dependency: astro@2.2.3 (GHSA-xf8x-j4p2-f749) dependency_analyzer · 95%
medium
Vulnerable dependency: astro@2.2.3 (GHSA-xr5h-phrj-8vxv) dependency_analyzer · 95%
medium
Vulnerable dependency: firebase@9.16.0 (GHSA-3wf4-68gx-mph8) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-36qx-fr4f-26g5) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-3g8h-86w9-wvmq) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-3h52-269p-cp9r) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-3x4c-7xq6-9pq8) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-4342-x723-ch2f) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-5j59-xgg2-r9c4) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-7gfc-8cq8-jh5f) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-7m27-7ghc-44w9) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-8h8q-6873-q5fj) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-9g9p-9gw9-jx7f) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-c4j6-fc7j-m34r) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-f82v-jwr5-mffw) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-ffhc-5mcf-pf4q) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-fr5h-rqp8-mj6g) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-g5qg-72qw-gw5v) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-g77x-44xx-532m) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-ggv3-7p47-pfv8) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-gp8f-8m3g-qvj9) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-gx5p-jg67-6x7h) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-h25m-26qc-wcjf) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-h64f-5h5j-jqjh) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-mwv6-3258-q52c) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-q4gf-8mx6-v5v3) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-qpjv-v59x-3qc4) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-vfv6-92ff-j949) dependency_analyzer · 95%
medium
Vulnerable dependency: next@14.1.0 (GHSA-xv57-4mr9-wg8v) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-353f-5xf4-qw67) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-356w-63v5-8wf4) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-4r4m-qw57-chr8) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-4w7w-66w2-5vf9) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-64vr-g452-qvp3) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-859w-5945-r5v3) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-8jhw-289h-jh2g) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-93m4-6634-74q7) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-9cwx-2883-4wfx) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-c24v-8rfc-w8vw) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-g4jq-h2w9-997c) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-jqfw-vq24-v9c3) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-vg6x-rcgg-rjx6) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-x574-m823-4x7w) dependency_analyzer · 95%
medium
Vulnerable dependency: vite@4.2.1 (GHSA-xcj6-pq6g-qj4x) dependency_analyzer · 95%
medium
Vulnerable dependency: shelljs@0.8.3 (GHSA-4rq4-32rv-6wp6) dependency_analyzer · 95%
medium
Vulnerable dependency: shelljs@0.8.3 (GHSA-64g7-mvw6-v9qj) dependency_analyzer · 95%
medium
Vulnerable dependency: js-yaml@4.1.0 (GHSA-mh29-5h37-fv8m) dependency_analyzer · 95%
medium
Vulnerable dependency: webpack@5.75.0 (GHSA-38r7-794h-5758) dependency_analyzer · 95%
medium
Vulnerable dependency: webpack@5.75.0 (GHSA-4vvj-4cpr-p986) dependency_analyzer · 95%
medium
Vulnerable dependency: webpack@5.75.0 (GHSA-8fgc-7cc6-rx7x) dependency_analyzer · 95%
medium
Vulnerable dependency: webpack@5.75.0 (GHSA-hc6q-2mpp-qw7j) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-26hh-7cqf-hhc6) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-492v-c6pp-mqqv) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-8h8q-6873-q5fj) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-ffhc-5mcf-pf4q) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-h64f-5h5j-jqjh) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-wfc6-r584-vfw7) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/common@17.0.5 (GHSA-58c5-g7wp-6w37) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/compiler@17.0.5 (GHSA-g93w-mfhg-p222) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/compiler@17.0.5 (GHSA-jrmj-c5cx-3cw6) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/compiler@17.0.5 (GHSA-v4hv-rgfq-gp49) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/core@17.0.5 (GHSA-g93w-mfhg-p222) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/core@17.0.5 (GHSA-jrmj-c5cx-3cw6) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/core@17.0.5 (GHSA-prjf-86w9-mfqv) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/platform-server@17.0.5 (GHSA-45q2-gjvg-7973) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/platform-server@17.0.5 (GHSA-68x2-mx4q-78m7) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/platform-server@17.0.5 (GHSA-rfh7-fxqc-q52v) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/ssr@17.0.5 (GHSA-68x2-mx4q-78m7) dependency_analyzer · 95%
medium
Vulnerable dependency: @angular/ssr@17.0.5 (GHSA-x288-3778-4hhx) dependency_analyzer · 95%
medium
Vulnerable dependency: express@4.15.2 (GHSA-qw6h-vgh9-j6wx) dependency_analyzer · 95%
medium
Vulnerable dependency: express@4.15.2 (GHSA-rv95-896h-c2vc) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-267c-6grr-h53f) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-36qx-fr4f-26g5) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-3g8h-86w9-wvmq) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-c4j6-fc7j-m34r) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-gx5p-jg67-6x7h) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-mg66-mrh9-m8jx) dependency_analyzer · 95%
medium
Vulnerable dependency: next@16.2.4 (GHSA-vfv6-92ff-j949) dependency_analyzer · 95%
medium
Vulnerable dependency: firebase@9.9.0 (GHSA-3wf4-68gx-mph8) dependency_analyzer · 95%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.11.5 (GHSA-345p-7cg4-v4c7) dependency_analyzer · 95%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.11.5 (GHSA-8r9q-7v3j-jr4g) dependency_analyzer · 95%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.11.5 (GHSA-w48q-cv73-mx4w) dependency_analyzer · 95%
high
Generic API Key Assignment found in scripts/agent-evals/templates/crashlytics-flutter/lib/firebase_options.dart secret_scanner · 75%
high
Generic API Key Assignment found in scripts/agent-evals/src/data/index.ts secret_scanner · 75%
high
Hardcoded Password found in src/emulator/auth/state.ts secret_scanner · 65%
medium
High-entropy string (5.95 bits/char) in firebase-vscode/src/webview.ts:64 entropy_analyzer · 54%
medium
High-entropy string (5.87 bits/char) in scripts/emulator-tests/functionsEmulator.spec.ts:485 entropy_analyzer · 53%
medium
High-entropy string (5.86 bits/char) in scripts/emulator-tests/functionsEmulator.spec.ts:533 entropy_analyzer · 52%
medium
Buffer.from base64 in src/accountImporter.ts:36 entropy_analyzer · 75%
medium
Buffer.from base64 in src/init/features/ailogic/index.ts:134 entropy_analyzer · 75%
medium
Buffer.from base64 in src/init/features/hosting/github.ts:657 entropy_analyzer · 75%
medium
Buffer.from base64 in src/init/features/hosting/github.ts:681 entropy_analyzer · 75%
medium
Hex string literal (>50 chars) in src/deploy/hosting/uploader.spec.ts:112 entropy_analyzer · 70%
medium
Hex string literal (>50 chars) in src/deploy/hosting/uploader.spec.ts:113 entropy_analyzer · 70%
medium
Buffer.from base64 in src/management/apps.ts:574 entropy_analyzer · 75%
medium
Buffer.from base64 in src/mcp/tools/core/get_sdk_config.ts:53 entropy_analyzer · 75%
medium
Buffer.from base64 in src/gcp/secretManager.ts:224 entropy_analyzer · 75%
medium
Buffer.from base64 in src/emulator/tasksEmulator.ts:272 entropy_analyzer · 75%
medium
Buffer.from base64 in src/emulator/auth/state.ts:942 entropy_analyzer · 75%
medium
Buffer.from base64 in src/emulator/auth/operations.ts:2991 entropy_analyzer · 75%
info
SLSA Build Level 1 detected slsa_assessor · 85%
high
High-risk OAuth scope: https://www.googleapis.com/auth/cloud-platform oauth_scope_analyzer · 80%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 3132 components sbom_generator · 100%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%